GNU logs - #30143, boring messages


Message sent to bug-guix@HIDDEN:


X-Loop: help-debbugs@HIDDEN
Subject: bug#30143: UX: print warning if substitute server is not authorized
Resent-From: Ricardo Wurmus <ricardo.wurmus@HIDDEN>
Original-Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
Resent-CC: bug-guix@HIDDEN
Resent-Date: Wed, 17 Jan 2018 12:18:01 +0000
Resent-Message-ID: <handler.30143.B.151619147422441 <at> debbugs.gnu.org>
Resent-Sender: help-debbugs@HIDDEN
X-GNU-PR-Message: report 30143
X-GNU-PR-Package: guix
X-GNU-PR-Keywords: 
To: 30143 <at> debbugs.gnu.org
X-Debbugs-Original-To: <bug-guix@HIDDEN>
Received: via spool by submit <at> debbugs.gnu.org id=B.151619147422441
          (code B ref -1); Wed, 17 Jan 2018 12:18:01 +0000
Received: (at submit) by debbugs.gnu.org; 17 Jan 2018 12:17:54 +0000
Received: from localhost ([127.0.0.1]:59503 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
	id 1ebmfB-0005pt-Od
	for submit <at> debbugs.gnu.org; Wed, 17 Jan 2018 07:17:54 -0500
Received: from eggs.gnu.org ([208.118.235.92]:50323)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <Ricardo.Wurmus@HIDDEN>) id 1ebmf8-0005pf-PA
 for submit <at> debbugs.gnu.org; Wed, 17 Jan 2018 07:17:51 -0500
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
 (envelope-from <Ricardo.Wurmus@HIDDEN>) id 1ebmf2-0005vW-7e
 for submit <at> debbugs.gnu.org; Wed, 17 Jan 2018 07:17:45 -0500
X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on eggs.gnu.org
X-Spam-Level: 
X-Spam-Status: No, score=0.0 required=5.0 tests=BAYES_40,T_DKIM_INVALID
 autolearn=disabled version=3.3.2
Received: from lists.gnu.org ([2001:4830:134:3::11]:50846)
 by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_256_CBC_SHA1:32)
 (Exim 4.71) (envelope-from <Ricardo.Wurmus@HIDDEN>)
 id 1ebmf2-0005vJ-4u
 for submit <at> debbugs.gnu.org; Wed, 17 Jan 2018 07:17:44 -0500
Received: from eggs.gnu.org ([2001:4830:134:3::10]:41280)
 by lists.gnu.org with esmtp (Exim 4.71)
 (envelope-from <Ricardo.Wurmus@HIDDEN>) id 1ebmf0-0004ag-TX
 for bug-guix@HIDDEN; Wed, 17 Jan 2018 07:17:43 -0500
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
 (envelope-from <Ricardo.Wurmus@HIDDEN>) id 1ebmew-0005r8-Py
 for bug-guix@HIDDEN; Wed, 17 Jan 2018 07:17:42 -0500
Received: from venus.bbbm.mdc-berlin.de ([141.80.25.30]:36380)
 by eggs.gnu.org with esmtps (TLS1.0:DHE_RSA_AES_256_CBC_SHA1:32)
 (Exim 4.71) (envelope-from <Ricardo.Wurmus@HIDDEN>)
 id 1ebmew-0005pz-Fj
 for bug-guix@HIDDEN; Wed, 17 Jan 2018 07:17:38 -0500
Received: from localhost (localhost [127.0.0.1])
 by venus.bbbm.mdc-berlin.de (Postfix) with ESMTP id 851FC3811A5
 for <bug-guix@HIDDEN>; Wed, 17 Jan 2018 13:17:36 +0100 (CET)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=mdc-berlin.de; h=
 content-transfer-encoding:content-type:content-type:mime-version
 :message-id:date:date:subject:subject:from:from:user-agent
 :received:received:received:received; s=mdc; t=1516191456; x=
 1518005857; bh=eRQVvdJyiLwK6D0e9pjzrl+3z+ILwNeE778QbS4nZ1w=; b=l
 xHZ+FDJjIS1Q0FY+PaSY1zQeCyUinwhgG21tztLKO5IZrDlQb2+0vpRtRaucegKu
 TplEvjhB/8CqWCQAQjK2Vt6DzgnRHkw8KCrgg2oJ5luYR+rDkBN750V+8U24790R
 dIdlkaSzUxlyIsYPb8E02ZQduBC45nA1mUep+62vYg=
X-Virus-Scanned: amavisd-new at mdc-berlin.de
Received: from venus.bbbm.mdc-berlin.de ([127.0.0.1])
 by localhost (venus.bbbm.mdc-berlin.de [127.0.0.1]) (amavisd-new, port 10024)
 with ESMTP id RUitgw96wcJ1 for <bug-guix@HIDDEN>;
 Wed, 17 Jan 2018 13:17:36 +0100 (CET)
Received: from HTCAONE.mdc-berlin.net (puck.citx.mdc-berlin.de [141.80.36.101])
 (using TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits))
 (No client certificate requested)
 by venus.bbbm.mdc-berlin.de (Postfix) with ESMTPS
 for <bug-guix@HIDDEN>; Wed, 17 Jan 2018 13:17:36 +0100 (CET)
Received: from SW-IT-P-CAS3.mdc-berlin.net (141.80.113.58) by
 HTCAONE.mdc-berlin.net (141.80.180.120) with Microsoft SMTP Server (TLS) id
 14.3.361.1; Wed, 17 Jan 2018 13:17:32 +0100
Received: from localhost (141.80.113.52) by SW-IT-P-CAS3.mdc-berlin.net
 (141.80.113.58) with Microsoft SMTP Server id 14.3.361.1; Wed, 17 Jan 2018
 13:17:29 +0100
User-agent: mu4e 0.9.18; emacs 25.3.1
From: Ricardo Wurmus <ricardo.wurmus@HIDDEN>
X-URL: https://elephly.net
X-PGP-Key: https://elephly.net/rekado.pubkey
X-PGP-Fingerprint: BCA6 89B6 3655 3801 C3C6  2150 197A 5888 235F ACAC
Date: Wed, 17 Jan 2018 13:17:19 +0100
Message-ID: <idjpo681xyo.fsf@HIDDEN>
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
X-Originating-IP: [141.80.113.52]
X-TM-AS-Product-Ver: SMEX-11.0.0.4283-8.200.1013-23600.006
X-TM-AS-Result: No--1.901600-0.000000-31
X-TM-AS-MatchedID: 708915-704421-139705-711521-707451-847216-701516-702106-7
 00756-700454-703454-703179-703712-136070-701220-702358-148004-148133-10007-
 41000-42000-42003-63
X-TM-AS-User-Approved-Sender: Yes
X-TM-AS-User-Blocked-Sender: No
Content-Transfer-Encoding: quoted-printable
X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic]
 [fuzzy]
X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.6.x
X-Received-From: 2001:4830:134:3::11
X-Spam-Score: -5.0 (-----)
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -5.0 (-----)

Suppose I add example.com as a substitute server by passing
=E2=80=9C--substitute-urls=3Dhttps://example.com=E2=80=9D to the daemon o=
r the Guix
command line.  I haven=E2=80=99t authorized the signing key, so Guix won=E2=
=80=99t
accept any of the substitutes from example.com.

Currently, Guix does not make it obvious to the user that a requested
substitute server is ignored because its key is not authorized.  We
should print a clear warning in this case.

(guix scripts authenticate) already includes =E2=80=9Cvalidate-signature=E2=
=80=9D, which
aborts with an error if the key is not authorized, but we don=E2=80=99t s=
eem to
use it.

--
Ricardo




Message sent:


Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-Mailer: MIME-tools 5.505 (Entity 5.505)
Content-Type: text/plain; charset=utf-8
X-Loop: help-debbugs@HIDDEN
From: help-debbugs@HIDDEN (GNU bug Tracking System)
To: Ricardo Wurmus <ricardo.wurmus@HIDDEN>
Subject: bug#30143: Acknowledgement (UX: print warning if substitute
 server is not authorized)
Message-ID: <handler.30143.B.151619147422441.ack <at> debbugs.gnu.org>
References: <idjpo681xyo.fsf@HIDDEN>
X-Gnu-PR-Message: ack 30143
X-Gnu-PR-Package: guix
Reply-To: 30143 <at> debbugs.gnu.org
Date: Wed, 17 Jan 2018 12:18:02 +0000

Thank you for filing a new bug report with debbugs.gnu.org.

This is an automatically generated reply to let you know your message
has been received.

Your message is being forwarded to the package maintainers and other
interested parties for their attention; they will reply in due course.

Your message has been sent to the package maintainer(s):
 bug-guix@HIDDEN

If you wish to submit further information on this problem, please
send it to 30143 <at> debbugs.gnu.org.

Please do not send mail to help-debbugs@HIDDEN unless you wish
to report a problem with the Bug-tracking system.

--=20
30143: http://debbugs.gnu.org/cgi/bugreport.cgi?bug=3D30143
GNU Bug Tracking System
Contact help-debbugs@HIDDEN with problems


Message sent to bug-guix@HIDDEN:


X-Loop: help-debbugs@HIDDEN
Subject: bug#30143: UX: print warning if substitute server is not authorized
Resent-From: Chris Marusich <cmmarusich@HIDDEN>
Original-Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
Resent-CC: bug-guix@HIDDEN
Resent-Date: Mon, 22 Jan 2018 07:09:02 +0000
Resent-Message-ID: <handler.30143.B30143.151660493131924 <at> debbugs.gnu.org>
Resent-Sender: help-debbugs@HIDDEN
X-GNU-PR-Message: followup 30143
X-GNU-PR-Package: guix
X-GNU-PR-Keywords: 
To: Ricardo Wurmus <ricardo.wurmus@HIDDEN>
Cc: 30143 <at> debbugs.gnu.org
Received: via spool by 30143-submit <at> debbugs.gnu.org id=B30143.151660493131924
          (code B ref 30143); Mon, 22 Jan 2018 07:09:02 +0000
Received: (at 30143) by debbugs.gnu.org; 22 Jan 2018 07:08:51 +0000
Received: from localhost ([127.0.0.1]:37658 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
	id 1edWDq-0008Ip-PI
	for submit <at> debbugs.gnu.org; Mon, 22 Jan 2018 02:08:50 -0500
Received: from mail-it0-f54.google.com ([209.85.214.54]:41845)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <cmmarusich@HIDDEN>) id 1edWDo-0008Ic-Rr
 for 30143 <at> debbugs.gnu.org; Mon, 22 Jan 2018 02:08:49 -0500
Received: by mail-it0-f54.google.com with SMTP id b77so8782755itd.0
 for <30143 <at> debbugs.gnu.org>; Sun, 21 Jan 2018 23:08:48 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025;
 h=from:to:cc:subject:references:date:in-reply-to:message-id
 :user-agent:mime-version;
 bh=MYQ3zM0cdJshOaagk8JKA43uy5eGiafjZt1EQeNPL0Q=;
 b=khGr4W5DLrAVeNqRL0gq9MVn1jJ8GALOyQJ5mvNaNXL9Tm4LAIysScoZDKH3VcVg4R
 gSmV3tM/IpSf2Z3wLJOtC/B7vP4Vz5XHMNfPClnLx/hfTl4a/VYAISvAl2QEUEm+Df77
 l/Vzup+pP4Bw0AhEpvoBpmAdOy1OpP3hJ0qGEv9XkZ/WNHGrwYiYvLB86wE6VhkL9dnh
 4A+o+IMqLMPHVyImVIY2F6Mpip22oqrBZS9f5GD/xgVLK8P3LByafcl38ZaCMuoKm27n
 wSjy6tPUtShIBCA9d3Xbt75rRJHI/RXQitMQ74n21EewvhyiQnY2TehRWq9T6uskB+6v
 txsA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20161025;
 h=x-gm-message-state:from:to:cc:subject:references:date:in-reply-to
 :message-id:user-agent:mime-version;
 bh=MYQ3zM0cdJshOaagk8JKA43uy5eGiafjZt1EQeNPL0Q=;
 b=jOJn9bZSXygeUnc2+4ufXg+vGpXwnkqC6Kep6GUYPwgf102EdvLTmnTGxjjFr/MV+y
 N5mzmucm0QHze7Z8GHe7Qf68Ro9s17tPmpsnyMDkT6gREJoxf+bauViPU+xzQJuzMAGv
 EhQVKBuLHNcatQ/jsLgVIUqf8183zL1j2CCNqc1wcEEN+9cJxg+J/h9BD2RSF7U+NSqZ
 6Z1Bev8iUY406nWMez3hSZfM1hru3giT2U6h/qOksfctMQOR5JU6UCqKDlxGcM0lV32v
 pcqu4R8VVcTf8hROVHpXlE80QG6U4FXH2OWR3EkowL3OnfsZGE7I6X9u+hVmC4D1n/hf
 kzzQ==
X-Gm-Message-State: AKwxytdibOai51A1SRM5cSQd8p9vfnOV0FtXYPKl5fj+NJSHpJL5M7vK
 zvgcJ6bSKDFQ2WfUIHBPvskB+g==
X-Google-Smtp-Source: AH8x224X54ztSa2dKu0p7lDngHY4jukMbF7YpX64cFh50VwQyZX6Es+j7uz07mO+atkd3k/ejkD1ww==
X-Received: by 10.36.215.134 with SMTP id y128mr7122672itg.114.1516604922668; 
 Sun, 21 Jan 2018 23:08:42 -0800 (PST)
Received: from garuda.local ([2601:602:9d02:4725:6495:ba21:1ebe:620a])
 by smtp.gmail.com with ESMTPSA id m71sm1725584iom.70.2018.01.21.23.08.41
 (version=TLS1_2 cipher=ECDHE-RSA-CHACHA20-POLY1305 bits=256/256);
 Sun, 21 Jan 2018 23:08:41 -0800 (PST)
From: Chris Marusich <cmmarusich@HIDDEN>
References: <idjpo681xyo.fsf@HIDDEN>
Date: Sun, 21 Jan 2018 23:08:39 -0800
In-Reply-To: <idjpo681xyo.fsf@HIDDEN> (Ricardo Wurmus's
 message of "Wed, 17 Jan 2018 13:17:19 +0100")
Message-ID: <87a7x6xte0.fsf@HIDDEN>
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/25.3 (gnu/linux)
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=-=-=";
 micalg=pgp-sha256; protocol="application/pgp-signature"
X-Spam-Score: -0.7 (/)
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -0.7 (/)

--=-=-=
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable

Ricardo Wurmus <ricardo.wurmus@HIDDEN> writes:

> Suppose I add example.com as a substitute server by passing
> =E2=80=9C--substitute-urls=3Dhttps://example.com=E2=80=9D to the daemon o=
r the Guix
> command line.  I haven=E2=80=99t authorized the signing key, so Guix won=
=E2=80=99t
> accept any of the substitutes from example.com.
>
> Currently, Guix does not make it obvious to the user that a requested
> substitute server is ignored because its key is not authorized.  We
> should print a clear warning in this case.
>
> (guix scripts authenticate) already includes =E2=80=9Cvalidate-signature=
=E2=80=9D, which
> aborts with an error if the key is not authorized, but we don=E2=80=99t s=
eem to
> use it.

What if example.com serves substitutes that are signed by another
server, such as hydra.gnu.org?  No matter where a substitute comes from,
if it was signed with an authorized key and its signature checks out,
then it's OK to use, right?

=2D-=20
Chris

--=-=-=
Content-Type: application/pgp-signature; name="signature.asc"

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEy/WXVcvn5+/vGD+x3UCaFdgiRp0FAlpljfcACgkQ3UCaFdgi
Rp36txAA2IV+AfvqRPXhFjA9bwlhUzk3ly9D/GE6OH5yddJUFcvnCbcgpgdEwYLk
kEXRv8Q73JpK8qYG1mlzlgqV2JO7cznjERN4r86ApU2nCmIRdldXH3dPveW4k+Sj
twHQ4D1+49JH06usnIGmjdmuVoRxwltkCO89l6W3NYlZHl6PUDdZMfKo1reVI9F4
zC+f5Jt0MqJDJirP2C+F3/p3oOew/u/NmmuEl0Ii4pKoEL2M8sNU+4FxJkKPEwvI
C7a5bMaaPWJK2pbnBKZj/l49viRX6v7EyfxnB7fDQY4K7T0vwC/VS8MPa8gTZnir
NcGJU4p+K5k6Zo2TQsQoIgIJ126ZODDTov8L/6auZoaNUGGT09kGYAIDMzrbkVQ3
vs3cSkvkYxDQYSEX79indELjH3eEbfo4CWIRpo9ppWfFa4OJi9HlL1S3L0iLdVpq
0v7a0gIaRuoL3aeInnMCsPLfCw7Ts4NlPX6atoKiwJEeLWI6Y1+9B5RhDa3nt3ZU
ZHvMabv3ruJ2UeyACPYS6tsZQIAKuWCYgQzRXQ3RJqhdL1wdoenFqPrdf1YdfxB9
7b1UlIrfuExnZzYjuqipq5vAi9QjSJBghfcYIykZmTWaRyFAdPRVBTAYlzTCpzRb
bgmwklMtuJRD7w7/79PTzuzGp1q+m6QmCllDHhEwwkfNGp+QgFI=
=idpO
-----END PGP SIGNATURE-----
--=-=-=--




Message sent to bug-guix@HIDDEN:


X-Loop: help-debbugs@HIDDEN
Subject: bug#30143: UX: print warning if substitute server is not authorized
Resent-From: Ricardo Wurmus <ricardo.wurmus@HIDDEN>
Original-Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
Resent-CC: bug-guix@HIDDEN
Resent-Date: Tue, 23 Jan 2018 07:01:01 +0000
Resent-Message-ID: <handler.30143.B30143.15166908296942 <at> debbugs.gnu.org>
Resent-Sender: help-debbugs@HIDDEN
X-GNU-PR-Message: followup 30143
X-GNU-PR-Package: guix
X-GNU-PR-Keywords: 
To: Chris Marusich <cmmarusich@HIDDEN>
Cc: 30143 <at> debbugs.gnu.org
Received: via spool by 30143-submit <at> debbugs.gnu.org id=B30143.15166908296942
          (code B ref 30143); Tue, 23 Jan 2018 07:01:01 +0000
Received: (at 30143) by debbugs.gnu.org; 23 Jan 2018 07:00:29 +0000
Received: from localhost ([127.0.0.1]:38931 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
	id 1edsZJ-0001nu-5D
	for submit <at> debbugs.gnu.org; Tue, 23 Jan 2018 02:00:29 -0500
Received: from sinope02.bbbm.mdc-berlin.de ([141.80.25.24]:47564)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <Ricardo.Wurmus@HIDDEN>) id 1edsZF-0001ni-P6
 for 30143 <at> debbugs.gnu.org; Tue, 23 Jan 2018 02:00:27 -0500
Received: from localhost (localhost [127.0.0.1])
 by sinope02.bbbm.mdc-berlin.de (Postfix) with ESMTP id A01A9F518B0;
 Tue, 23 Jan 2018 08:00:24 +0100 (CET)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=mdc-berlin.de; h=
 content-transfer-encoding:content-type:content-type:mime-version
 :message-id:date:date:in-reply-to:subject:subject:from:from
 :user-agent:references:received:received:received:received; s=
 mdc; t=1516690819; x=1518505220; bh=xywlfKZu/whLqGO6FbAneQiPEGD7
 dn1GQxz58H8U2FM=; b=l17rymbd6YMF4JhQRTx7K1C4hd/lIoAq5QI+9obRuBR9
 Yl/VWhYCevsRzpi2gKXKwWz+RQly9mdftlp14uLd4F0GWt2b2XOvUg0F9bq4VQYE
 59YwDrei99Q1PSxDaOwAZGF1b8Ycj+mG18Mhk9AeI0o7dIx6YfMK0ekpIfVDiwQ=
X-Virus-Scanned: amavisd-new at mdc-berlin.de
Received: from sinope02.bbbm.mdc-berlin.de ([127.0.0.1])
 by localhost (sinope02.bbbm.mdc-berlin.de [127.0.0.1]) (amavisd-new,
 port 10024)
 with ESMTP id Ipu2PasRjUfK; Tue, 23 Jan 2018 08:00:19 +0100 (CET)
Received: from HTCATWO.mdc-berlin.net (puck.citx.mdc-berlin.de [141.80.36.101])
 (using TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits))
 (No client certificate requested)
 by sinope02.bbbm.mdc-berlin.de (Postfix) with ESMTPS;
 Tue, 23 Jan 2018 08:00:19 +0100 (CET)
Received: from SW-IT-P-CAS3.mdc-berlin.net (141.80.113.58) by
 HTCATWO.mdc-berlin.net (141.80.180.190) with Microsoft SMTP Server (TLS) id
 14.3.361.1; Tue, 23 Jan 2018 08:00:13 +0100
Received: from localhost (141.80.113.52) by SW-IT-P-CAS3.mdc-berlin.net
 (141.80.113.58) with Microsoft SMTP Server id 14.3.361.1; Tue, 23 Jan 2018
 07:50:12 +0100
References: <idjpo681xyo.fsf@HIDDEN>
 <87a7x6xte0.fsf@HIDDEN>
User-agent: mu4e 1.0-alpha3; emacs 25.3.1
From: Ricardo Wurmus <ricardo.wurmus@HIDDEN>
In-Reply-To: <87a7x6xte0.fsf@HIDDEN>
X-URL: https://elephly.net
X-PGP-Key: https://elephly.net/rekado.pubkey
X-PGP-Fingerprint: BCA6 89B6 3655 3801 C3C6  2150 197A 5888 235F ACAC
Date: Tue, 23 Jan 2018 07:50:02 +0100
Message-ID: <87shaxyspx.fsf@HIDDEN>
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 8bit
X-Originating-IP: [141.80.113.52]
X-TM-AS-Product-Ver: SMEX-11.0.0.4283-8.200.1013-23614.005
X-TM-AS-Result: No--0.329800-0.000000-31
X-TM-AS-MatchedID: 150567-703731-139010-708915-704421-139705-711521-707451-8
 47216-701516-702106-700756-700454-703454-703179-703712-136070-701220-702358
 -701914-703786-148004-148133-42000-42003-63
X-TM-AS-User-Approved-Sender: Yes
X-TM-AS-User-Blocked-Sender: No
X-Spam-Score: -0.0 (/)
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -0.0 (/)


Chris Marusich <cmmarusich@HIDDEN> writes:

> Ricardo Wurmus <ricardo.wurmus@HIDDEN> writes:
>
>> Suppose I add example.com as a substitute server by passing
>> “--substitute-urls=https://example.com” to the daemon or the Guix
>> command line.  I haven’t authorized the signing key, so Guix won’t
>> accept any of the substitutes from example.com.
>>
>> Currently, Guix does not make it obvious to the user that a requested
>> substitute server is ignored because its key is not authorized.  We
>> should print a clear warning in this case.
>>
>> (guix scripts authenticate) already includes “validate-signature”, which
>> aborts with an error if the key is not authorized, but we don’t seem to
>> use it.
>
> What if example.com serves substitutes that are signed by another
> server, such as hydra.gnu.org?  No matter where a substitute comes from,
> if it was signed with an authorized key and its signature checks out,
> then it's OK to use, right?

Correct.

-- 
Ricardo





Last modified: Mon, 25 Nov 2019 12:00:02 UTC

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997 nCipher Corporation Ltd, 1994-97 Ian Jackson.